Confluent Platform 5.5.5 contains security fixes for the following open source packages:
com.fasterxml.jackson.dataformat:jackson-dataformat-cbor - CVE-2020-28491 (CVSS: 7.5)
The vulnerability is addressed in versions 2.11.4, 2.12.1 of jackson-dataformat-cbor. Confluent Platform has resolved this CVE in release 5.5.5 by upgrading to version 2.11.4.
org.glassfish.jersey.core:jersey-common - CVE-2021-28168 (CVSS: 5.5)
The vulnerability is addressed in version 3.0.2 and 2.34 of jersey-common. Confluent Platform has resolved this CVE in release 5.5.5 by upgrading to version 2.34.
io.vertx:vertx-core - CVE-2019-17640 (CVSS: 9.8)
The vulnerability is addressed in version 3.9.4 of vertx-core. Confluent. Confluent Platform has resolved this CVE in release 5.5.5 by upgrading to version 3.9.7.